VDB

GCVE-110-OSM-2026-3310

GCVE-110-OSM-2026-3310
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 29, 2026
Malicious VSCode tasks.json that installs malware on user device, when the repository is opened on Visual Studio Code. The URL in tasks.json file uses URL shortner, however the attacker payload is hosted on 165[.]140[.]86[.]190. The URL shortner technique was reported in OSM as part of TasksJacker Campaign, where the final payload is obfuscated JS malware. IOCs: - url: http://165.140.86.190:3000/task/mac?token=90284f1ceaa2 - url: http://165.140.86.190:3000/task/linux?token=90284f1ceaa2 - url: http://165.140.86.190:3000/task/windows?token=90284f1ceaa2 - url: https://locservice.short.gy/ZRsvn1k9m - url: https://locservice.short.gy/ZRsvn1k9l - url: https://locservice.short.gy/ZRsvn1k9w

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›